Just spotted something I presumed was obsolete. The username “pop3user” appears in our telnet/ssh logs. I have no idea when I last utilized POP3 to fetch emails from one of my mail servers. IMAP and several webmail services have completely overtaken this traditional email protocol. However, it seems this one attacker is relying on the possibility that someone still has a “pop3user” set up.